
Showing papers on "Trojan published in 2023"


Book ChapterDOI
01 Jan 2023
TL;DR: In this article, an application programming interface (API)-based call graph model is put forward which captures API system call during malicious rootkit execution in Windows platform, which can help the defender to optimally find malicious system calls from benign calls.
Abstract: Though computer malicious software can be referred with different names such as virus, worm, Trojan, spam, and botnet, their ultimate goal is to cause damage to the end-computer or end-user. The progression in computer technology allows a malware writer to integrate obfuscation technique to evade detection specifically API hooking in Windows. Unfortunately, signature-based detection approach such as anti-virus software at the end-computer is not effective against system call reordering. To overcome this shortcoming, many different behavior-based approaches have been offered. However, these approaches bear limitations such as false positive, detecting zero-day attacks, and improving detection accuracy rate from past experience. In this article, an application programming interface (API)-based call graph model is put forward which captures API system call during malicious rootkit execution in Windows platform. As graph model can be effectively applied to replica complicated relation between entities, we opt it to visualize malicious rootkit behavior activities by monitoring system API calls. This will help the defender to optimally find malicious system calls from benign calls. Our simulated experiment analysis proves that our method achieves higher detection rate and accuracy with less false positive compared to existing techniques.

10 citations


Journal ArticleDOI
TL;DR: In this paper, the Hirota bilinear method was used to obtain a general form solution to the SK equation, and several dispersion coefficients were adopted to analyze novel multiple-bifurcated soliton and novel rogue wave solutions.

5 citations


Proceedings ArticleDOI
16 Jan 2023
TL;DR: In this paper, the authors propose a non-invasive analytical method based on contactless optical probing to detect any stealthy HTs that can be placed into a RISC-V core's post-layout in an untrusted manufacturing environment.
Abstract: With the exponential increase in the popularity of the RISC-V ecosystem, the security of this platform must be re-evaluated especially for mission-critical and IoT devices. Besides, the insertion of a Hardware Trojan (HT) into a chip after the in-house mask design is outsourced to a chip manufacturer abroad for fabrication is a significant source of concern. Though abundant HT detection methods have been investigated based on side-channel analysis, physical measurements, and functional testing to overcome this problem, there exists stealthy HTs that can hide from detection. This is due to the small overhead of such HTs compared to the whole circuit. In this work, we propose several novel HTs that can be placed into a RISC-V core's post-layout in an untrusted manufacturing environment. Next, we propose a non-invasive analytical method based on contactless optical probing to detect any stealthy HTs. Finally, we propose an open-source library of HTs that can be used to be placed into a processor unit in the post-layout phase. All the designs in this work are done using a commercial 28nm technology.

3 citations


Journal ArticleDOI
TL;DR: Wang et al. as discussed by the authors proposed a stealthy and flexible backdoor attack by hijacking the built-in functions of the deep learning framework, which does not require retraining the model or modifying the parameters.
Abstract: Deep neural networks are increasingly used as the critical component of applications, bringing high computational costs. Many practitioners host their models on third-party platforms. This practice exposes DNNs to risks: A third party hosting the model may use a malicious deep learning framework to implement a backdoor attack. Our goal is to develop the realistic potential for backdoor attacks in third-party hosting platforms. We introduce a threatening and realistically implementable backdoor attack that is highly stealthy and flexible. We inject trojans by hijacking the built-in functions of the deep learning framework. Unlike existing backdoor attacks, the proposed sequential trigger is a specific sequence of clean image sets. Moreover, our attack is model agnostic and does not require retraining the model or modifying the parameters. Its stealthy is that injecting trojans will not change the models prediction for a clean image. Its flexibility lies in that adversary can remodify the trojan behavior at any time. Extensive experiments on multiple benchmarks with different frameworks demonstrate that our attack achieves a perfect success rate. And we can inject multiple trojans which do not affect each other at the same time. Analysis and experiments further show that state-of-the-art defenses are ineffective against our attacks.

2 citations


Journal ArticleDOI
TL;DR: In this article, a reinforcement learning based semantics-preserving attack against black-box GNNs (Graph Neural Networks) for malware detection is proposed, which uses reinforcement learning to automatically make these "how to select" decisions.
Abstract: As an increasing number of deep-learning-based malware scanners have been proposed, the existing evasion techniques, including code obfuscation and polymorphic malware, are found to be less effective. In this work, we propose a reinforcement learning based semantics-preserving (i.e. functionality-preserving) attack against black-box GNNs (Graph Neural Networks) for malware detection. The key factor of adversarial malware generation via semantic Nops insertion is to select the appropriate semantic Nops and their corresponding basic blocks. The proposed attack uses reinforcement learning to automatically make these “how to select” decisions. To evaluate the attack, we have trained two kinds of GNNs with three types (e.g., Backdoor, Trojan, and Virus) of Windows malware samples and various benign Windows programs. The evaluation results have shown that the proposed attack can achieve a significantly higher evasion rate than four baseline attacks, namely the binary diversification attack, the semantics-preserving random instruction insertion attack, the semantics-preserving accumulative instruction insertion attack, and the semantics-preserving gradient-based instruction insertion attack.

2 citations


Journal ArticleDOI
TL;DR: In this paper, a Graph Neural Network (GNN) architecture was proposed to detect hardware Trojans in modern integrated circuits (ICs) by extracting different structural features of the underlying IC along with the behavioral information for HT detection.
Abstract: Hardware Trojans pose a critical security threat to modern integrated circuits (ICs) through malicious activities, including leaking critical information, executing unauthorized commands, and reducing IC lifetime. Traditional functional and structural verification approaches are inefficient in detecting stealthy Trojans effectively due to corner conditions and rare triggers. Furthermore, the existing approaches are limited to specific circuit designs and require formulating new models for other IC designs. In order to overcome such shortcomings, we introduce an IC topology and behavior-aware hardware Trojan (HT) detection approach, where we extract different structural features of the underlying IC along with the behavioral information for HT detection. Structural features include node (gate) types and their respective counts and connectivity information extracted through an automated process using graph learning. These features are complemented with the behavioral information such as operating frequency and bit-flip patterns under anomalous operating conditions (analogous to vaccination) and analyzed for Trojan detection. We propose a Graph Neural Network (GNN) architecture where we utilize a Graph Convolution Network (GCN) for detecting Hardware Trojans. The proposed technique does not require the golden IC reference design for HT detection. Our model shows an average of around 93.15% accuracy while tested on an utterly unseen Trojan benchmark during the training phase. This shows that the proposed technique can learn the structural feature distribution of the ICs and their behavioral information to distinguish Trojan-free and Trojan-inserted circuits irrespective of the IC topology used in the training phase.

2 citations


Journal ArticleDOI
TL;DR: In this article, the authors explore the phenomenon of location spoofing, where the spoofer is able to "teleport" systems in and out of defined locations, either for the purpose of infiltration into no-go zones or for the "teleportation" out of real, defined zones in the physical world.
Abstract: This article explores the phenomenon of location spoofing—where the spoofer is able to “teleport” systems in and out of defined locations, either for the purpose of infiltration into no-go zones or for the “teleportation” out of real, defined zones in the physical world. The research relied on a qualitative methodology, utilising academic research findings, media reports, hacker demonstrations, and secondary data from these sources, to situate the spoofing threat in the context of international security. This conceptual, argumentative essay finds that signal spoofing, the methods of which can be followed via online scripts, allows users the ability to overcome geographically defined territorial restrictions. This, as this article finds, allows violent actors to weaponise systems, such as unmanned aerial systems, potentially leading to the escalation of political tensions in extreme but unfortunately ever-frequent episodes. The article concludes that, while Trojan spoofing (in particular) poses a real and an existential threat to international security, it is only a sum-of-all parts in considering other threats to critical functions in society. If geofences are used as a single point of security to protect assets against hostile actors, managers need to be aware of the vulnerability of intrusion and the resulting geopolitical consequences.

1 citations


Journal ArticleDOI
TL;DR: In this paper, a Neural Network (NN)-assisted timing profiling method is proposed to detect Hardware Trojans (HTs) in ICs, which can be broadly described as a malicious modification to a circuit to control, modify, disable, or monitor its logic.
Abstract: With the growth and globalization of IC design and development, there is an increase in the number of Designers and Design houses. As setting up a fabrication facility may easily cost upwards of $20 billion, costs for advanced nodes may be even greater. IC design houses that cannot produce their chips in-house have no option but to use external foundries that are often in other countries. Establishing trust with these external foundries can be a challenge, and these foundries are assumed to be untrusted. The use of these untrusted foundries in the global semiconductor supply chain has raised concerns about the security of the fabricated ICs targeted for sensitive applications. One of these security threats is the adversarial infestation of fabricated ICs with a Hardware Trojan (HT). An HT can be broadly described as a malicious modification to a circuit to control, modify, disable, or monitor its logic. Conventional VLSI manufacturing tests and verification methods fail to detect HT due to the different and un-modeled nature of these malicious modifications. Current state-of-the-art HT detection methods utilize statistical analysis of various side-channel information collected from ICs, such as power analysis, power supply transient analysis, regional supply current analysis, temperature analysis, wireless transmission power analysis, and delay analysis. To detect HTs, most methods require a Trojan-free reference golden IC. A signature from these golden ICs is extracted and used to detect ICs with HTs. However, access to a golden IC is not always feasible. Thus, a mechanism for HT detection is sought that does not require the golden IC. Machine Learning (ML) approaches have emerged to be extremely useful in helping eliminate the need for a golden IC. Recent works on utilizing ML for HT detection have been shown to be promising in achieving this goal. Thus, in this tutorial, we will explain utilizing ML as a solution to the challenge of HT detection. 
Additionally, we will describe the Electronic Design Automation (EDA) tool flow for automating ML-assisted HT detection. Moreover, to further discuss the benefits of ML-assisted HT detection solutions, we will demonstrate a Neural Network (NN)-assisted timing profiling method for HT detection. Finally, we will discuss the shortcomings and open challenges of ML-assisted HT detection methods.

1 citations


Journal ArticleDOI
TL;DR: In this article, the insertion of a hardware trojan (HT) into a semiconductor foundry is discussed. But, the authors focus on the structure/effects of a HT, while very few have demonstrated the viability of their HTs in silicon.
Abstract: Owning a high-end semiconductor foundry is a luxury very few companies can afford. Thus, fabless design companies outsource integrated circuit fabrication to third parties. Within foundries, rogue elements may gain access to the customer’s layout and perform malicious acts, including the insertion of a hardware trojan (HT). Many works focus on the structure/effects of a HT, while very few have demonstrated the viability of their HTs in silicon. Even fewer disclose how HTs are inserted or the time required for this activity. Our work details, for the first time, how effortlessly a HT can be inserted into a finalized layout by presenting an insertion framework based on the engineering change order flow. For validation, we have built an ASIC prototype in 65nm CMOS technology comprising of four trojaned cryptocores. A side-channel HT is inserted in each core with the intent of leaking the cryptokey over a power channel. Moreover, we have determined that the entire attack can be mounted in a little over one hour. We also show that the attack was successful for all tested samples. Finally, our measurements demonstrate the robustness of our SCT against skews in the manufacturing process.

1 citations



Posted ContentDOI
09 Jan 2023
TL;DR: In this paper, a new technique was proposed that utilizes structural and SCOAP features to detect HT from the gate-level netlist using Light Gradient Boosting (Light GBM), and a model agnostic Shapley additive explanations (SHAP) was employed to identify each feature global and local impact on model prediction.
Abstract: Hardware Trojan (HT) is the most critical threat due to outsourcing of Integrated circuit designing phases. Therefore, a new technique is proposed that utilizes structural and SCOAP features to detect HT from the gate-level netlist using Light Gradient Boosting (Light GBM). Further, a model agnostic Shapley additive explanations (SHAP) is employed to identify each feature global and local impact on model prediction. Moreover, a quartile-based feature selection method is proposed, which uses SHAP to identify the optimal feature set by keeping low retraining rounds. Experimental results show that the proposed technique accurately detects always-on-Trojans and HT nets from Trust-Hub, DeTrust, and DeTest benchmarks.

Proceedings ArticleDOI
16 Jan 2023
TL;DR: In this article, a static probability analysis method for identifying the hard-to-active data channel targets and generating the corresponding assertions for the HT test generation is proposed, which could generate test vectors to trigger Trojans from Trust-hub, DeTrust, and OpenCores in 1 minute and get 104.33X time improvement on average compared with the existing method.
Abstract: Directed test generation is an effective method to detect potential hardware Trojan (HT) in RTL. While the existing works are able to activate hard-to-cover Trojans by covering security targets, the effectiveness and efficiency of identifying the targets to cover are ignored. We propose a static probability analysis method for identifying the hard-to-active data channel targets and generating the corresponding assertions for the HT test generation. Our method could generate test vectors to trigger Trojans from Trust-hub, DeTrust, and OpenCores in 1 minute and get 104.33X time improvement on average compared with the existing method.

Book ChapterDOI
27 Jan 2023

Journal ArticleDOI
TL;DR: In this article, a dual discriminator assisted conditional generation adversarial network (D2ACGAN) was proposed to detect hardware Trojans in an encryption chip, which combines the benefits of CGAN, ACGAN, and D2GAN models.
Abstract: Hardware Trojans are usually implanted by making malicious changes to a chip circuit, which can destroy chip functions or expose sensitive information once activated. The hardware Trojan detection method based on side channel information has now become one of the most widely used detection methods. However, due to the influence of the deviation of the acquisition equipment and the noise of the actual chip working environment, insufficient acquisition of useful information of the collected side channel information occurs, affecting the final results. To address the problem, this paper proposes a detection method based on a dual discriminator assisted conditional generation adversarial network (D2ACGAN), which combines the benefits of CGAN, ACGAN, and D2GAN models and can learn a variety of valid information of the tested chip. It can distinguish between side channel data with and without hardware Trojan and classify hardware Trojan using the extended data. Furthermore, to compare the performance of the proposed model, we use the existing CGAN and ACGAN models equally for side channel information expansion and hardware Trojan detection. Finally, the designed hardware Trojan is implanted in an encryption chip for generating data quality evaluation experiments and model method performance experiments. The results show that the average detection accuracy of the D2ACGAN-based hardware Trojan classification model can reach 97.08%, which is better than the detection models based on CNN, SVM, etc. The D2ACGAN model also outperforms the CGAN and ACGAN models in terms of generated data and hardware Trojan classification.

Journal ArticleDOI
11 Feb 2023
TL;DR: In this paper, a study of allusions to the Trojan myth in the legendary toposphere of Kyiv, whose foundations go back centuries and are immersed in the mythological layer of human historical development is presented.
Abstract: The research is devoted to the study of allusions to the Trojan myth in the legendary toposphere of Kyiv, whose foundations go back centuries and are immersed in the mythological layer of human historical development. Kyiv has become not only the center of structuring the proto-state of Ukraine, but also a symbol of the formation of the socio-cultural identity of its inhabitants. For centuries, Kyiv has occupied a special place among the iconic cities of the European continent, which makes it important to study its cultural topoi. The purpose of the study is to identify, analyze, and synthesize mythological patterns of Trojan themes in the socio-cultural landscape of Kyiv and their impact on the processes of forming collective self-awareness and proto-national identity. The study analyzes the reception of the Trojan myth on the basis of Kyiv toponymy and mythopoetics, chronicle sources and literary works, which allows us to construct its mythological palimpsest, which without the Trojan theme would be deprived of an expressive layer. The study traces the transformation of mythological representations of the Kievan Rus era, which were later in demand in Ukraine during the Baroque period. Ultimately, a retrospective study of the field of proto-national myth in the variations of mythologies as its constituent elements allows us to reach a deeper level of collective mentality, which is the basis for the development of national identity through the realization and adaptation of deep symbolic structures. The Trojan theme has not yet been presented in urban studies of Kyiv, although it has a certain number of manifestations in the cultural environment of the city. The study is based on the use of general scientific methods of analysis and synthesis of cultural information. The interpretive method was used to model theoretical constructs. Among the special methods, myth restoration was chosen as a priority. 
The hypothesis put forward in the study and its testing are reliable and presented for the first time.


Posted ContentDOI
08 Jun 2023
TL;DR: In this article, the authors propose Merkle trees as a novel way to detect and isolate neural trojans, which can be used for detecting and isolating deep neural networks.
Abstract: Deep neural networks are utilized in a growing number of industries. Much of the current literature focuses on the applications of deep neural networks without discussing the security of the network itself. One security issue facing deep neural networks is neural trojans. Through a neural trojan, a malicious actor may force the deep neural network to act in unintended ways. Several potential defenses have been proposed, but they are computationally expensive, complex, or unusable in commercial applications. We propose Merkle trees as a novel way to detect and isolate neural trojans.

Journal ArticleDOI
TL;DR: In this paper, the authors introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists, which is capable of inserting different types of FPGAs-specific Trojans in a netlist enabling rapid exploration of potential Trojan attacks.
Abstract: Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interactions with potentially untrusted parties outside the traditional scrutiny of a completely in-house development cycle. An untrusted party or software can maliciously alter a hardware intellectual property (IP) block mapped to an FPGA device during various stages of the FPGA life-cycle. Such malicious alterations, also known as hardware Trojan attacks, have garnered significant research into their detection and prevention in the context of application-specific integrated circuit (ASIC) design flow. However, Trojan attacks in FPGAs have not enjoyed this same attention. Designers often rely on mapping ASIC-specific solutions and evaluation benchmarks to the FPGA domain, which leaves much of the FPGA-specific Trojan space uncovered. We note that the distinctive business model as well as the architectural configurations of FPGAs present unique opportunities for Trojan attacks to an adversary. To this end, we introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists. It is capable of inserting different types of FPGA-specific Trojans in a netlist enabling rapid exploration of potential Trojan attacks in an FPGA design: soft-template, monolithic, and distributed dark silicon. Soft template Trojans use behavioral templates with random synthesis constraints to increase Trojan structural diversity. Monolithic and distributed dark silicon Trojans use the under-utilized input space (FPGA dark silicon) in FPGA primitives to realize Trojans with effectively zero area and power footprint. Further optimizations are also presented to remove any potential delay impact. 
We then generate over 1300 Trojan-inserted benchmarks using each of the introduced FPGA Trojan classes, and compare their impact on utilization, delay, and power. Finally, we evaluate our Trojans against a machine learning-based Trojan detection to highlight their evasiveness.

Proceedings ArticleDOI
02 Feb 2023
TL;DR: In this paper, the authors considered AES algorithm as AES operates by utilizing a chain of linked operations that replace and shuffle the input data, which is known as the substitution permutation network concept.
Abstract: Hardware Trojan (HT) has lately become a significant problem for computer systems, especially those utilised for mission critical functions like medical or military ones. Effects that have been proposed include everything from the gadget completely malfunctioning to secret information leaking. The Trojans that have been suggested so far have a variety of effects on a device's dependability. There are many types of algorithms but this study considers AES algorithm as AES operates by utilizing a chain of linked operations that replace and shuffle the input data, which is known as the substitution permutation network concept. The sorts of hardware trojan areas in the AES algorithm are reviewed in this study, along with potential strategies to prevent them. The recommended effort results in a 2.6% decrease in the average area.

Posted ContentDOI
26 Apr 2023
TL;DR: Li et al. as discussed by the authors investigated two different cases: (i) the indirect case, where Jupiter experiences a scattering encounter with the free floating planet (FFP) and jumps outwards at a speed that is much higher than that considered in the previous study, resulting in a change in the numbers of the L4 and L5 (N5) Trojans swarms.
Abstract: This paper extends our previous study (Li et al. 2023) of the early evolution of Jupiter and its two Trojan swarms by introducing the possible perturbations of a free floating planet (FFP) invading the Solar System. In the framework of the invasion of a FFP, we aim to provide some new scenarios to explain the number asymmetry of the L4 and L5 Jupiter Trojans, and some other observed features. We investigate two different cases: (i) The indirect case, where Jupiter experiences a scattering encounter with the FFP and jumps outwards at a speed that is much higher than that considered in (Li et al. 2023), resulting in a change in the numbers of the L4 (N4) and L5 (N5) Trojans swarms. (ii) The direct case, in which the FFP traverses the L5 region and affects the stability of the local Trojans. In the indirect case, the outward migration of Jupiter can be fast enough to make the L4 islands disappear temporarily, inducing a resonant amplitude increase of the local Trojans. After the migration is over, the L4 Trojans come back to the re-appeared and enlarged islands. As for the L5 islands, they always exist but expand even more considerably. Since the L4 swarm suffers less excitation in the resonant amplitude than the L5 swarm, more L4 Trojans are stable and could survive to the end. In the direct case, the FFP could deplete a considerable fraction of the L5 Trojans, while the L4 Trojans at large distances are not affected and all of them could survive. Both the indirect and direct cases could result in a number ratio of R45=N4/N5~1.6 that can potentially explain the current observations. The latter has the advantage of producing the observed resonant amplitude distribution. For achieving these results, we propose that the FFP should have a mass of at least of a few tens of Earth masses and its orbital inclination is allowed to be as high as 40 degrees.

Posted ContentDOI
22 May 2023
TL;DR: In this article, the authors investigate the potential impact of a Trojan attack on power conversion circuits, specifically a switching signal attack designed to trigger a locking of the PWM signal that goes to a power field effect transistor (FET).
Abstract: This report investigates the potential impact of a Trojan attack on power conversion circuits, specifically a switching signal attack designed to trigger a locking of the pulse width modulation (PWM) signal that goes to a power field-effect transistor (FET). The first simulation shows that this type of attack can cause severe overvoltage, potentially leading to functional failure. The report proposes a solution using a large bypass capacitor to force signal parity, effectively negating the Trojan circuit. The simulation results demonstrate that the proposed solution can effectively thwart the Trojan attack. However, several caveats must be considered, such as the size of the capacitor, possible current leakage, and the possibility that the solution can be circumvented by an adversary with knowledge of the protection strategy. Overall, the findings suggest that proper protection mechanisms, such as the proposed signal-parity solution, must be considered when designing power conversion circuits to mitigate the risk of Trojan attacks.

Posted ContentDOI
24 Jan 2023
TL;DR: In this article, the authors present a comprehensive overview of the threats posed by Trojans in digital manufacturing and present a taxonomy for classifying and analyzing these threats, and elaborate on how different side channels (e.g. visual, thermal, acoustic, power, and magnetic) may be used to either enhance the impact of a given Trojan or utilized as part of a defensive strategy.
Abstract: Digital Manufacturing (DM) refers to the on-going adoption of smarter, more agile manufacturing processes and cyber-physical systems. This includes modern techniques and technologies such as Additive Manufacturing (AM)/3D printing, as well as the Industrial Internet of Things (IIoT) and the broader trend toward Industry 4.0. However, this adoption is not without risks: with a growing complexity and connectivity, so too grows the cyber-physical attack surface. Here, malicious actors might seek to steal sensitive information or sabotage products or production lines, causing financial and reputational loss. Of particular concern are where such malicious attacks may enter the complex supply chains of DM systems as Trojans -- malicious modifications that may trigger their payloads at later times or stages of the product lifecycle. In this work, we thus present a comprehensive overview of the threats posed by Trojans in Digital Manufacturing. We cover both hardware and software Trojans which may exist in products or their production and supply lines. From this, we produce a novel taxonomy for classifying and analyzing these threats, and elaborate on how different side channels (e.g. visual, thermal, acoustic, power, and magnetic) may be used to either enhance the impact of a given Trojan or utilized as part of a defensive strategy. Other defenses are also presented -- including hardware, web-, and software-related. To conclude, we discuss seven different case studies and elaborate how they fit into our taxonomy. Overall, this paper presents a detailed survey of the Trojan landscape for Digital Manufacturing: threats, defenses, and the importance of implementing secure practices.

Posted ContentDOI
29 Jun 2023
TL;DR: In this article, a behavior preserving Adversarial payload framework against static Windows malware scanners is presented, which uses dynamic programming to decide on the sequence of static code transformation actions to transform a Windows payload to its adversarial state.
Abstract: This work presents a behavior preserving Adversarial payload framework against static Windows malware scanners. The framework uses Dynamic Programming to decide on the sequence of static code transformation actions to transform a Windows payload to its adversarial state. In an empirical evaluation with Windows payloads from Metasploit Framework in a black-box settings, static machine learning based and majority of commercial antivirus scanners can still be evaded by these transformations. The potency of these generated Adversarial payload capable of breaching commercial antivirus on users’ devices was demonstrated. The experimental results show a generated Adversarial Backdoor Trojan evade static and also evade its offline dynamic detector and establish a backdoor on the users’ device.

Journal ArticleDOI
TL;DR: In this article, a non-invasive, golden chip free delay based hardware Trojan detection method is proposed, which exploits the inherent spatial correlations to suppress the Trojan hiding effect of the variations.

Journal ArticleDOI
TL;DR: Wang et al. proposed an approach to detect Trojan-nodes at the gate level, based on graph learning, and further designed a unioned GNN network to combine information from the input side, output side, and neighbor side of the directed graph to generate representative node embeddings.
Abstract: The globalization of the integrated circuit (IC) industry has raised concerns about hardware Trojans (HT), and there is an urgent need for efficient HT-detection methods of gate-level netlists. In this work, we propose an approach to detect Trojan-nodes at the gate level, based on graph learning. The proposed method does not require any golden model and can be easily integrated into the integrated circuits design flow. In addition, we further design a unioned GNN network to combine information from the input side, output side, and neighbor side of the directed graph to generate representative node embeddings. The experimental results show that it could achieve 93.4% in recall, 91.4% in F-measure, and 90.7% in precision on average across different designs, which outperforms the state-of-the-art HT detection methods.

Posted ContentDOI
14 Mar 2023
TL;DR: In this article, a survey of the literature on war literature is presented.
Abstract: War literature

Posted ContentDOI
10 Mar 2023
TL;DR: The authors propose TrojDiff, an effective Trojan attack against diffusion models, which optimizes the Trojan diffusion and generative processes during training to diffuse adversarial targets into a biased Gaussian distribution.
Abstract: Diffusion models have achieved great success in a range of tasks, such as image synthesis and molecule design. As such successes hinge on large-scale training data collected from diverse sources, the trustworthiness of these collected data is hard to control or audit. In this work, we aim to explore the vulnerabilities of diffusion models under potential training data manipulations and try to answer: How hard is it to perform Trojan attacks on well-trained diffusion models? What are the adversarial targets that such Trojan attacks can achieve? To answer these questions, we propose an effective Trojan attack against diffusion models, TrojDiff, which optimizes the Trojan diffusion and generative processes during training. In particular, we design novel transitions during the Trojan diffusion process to diffuse adversarial targets into a biased Gaussian distribution and propose a new parameterization of the Trojan generative process that leads to an effective training objective for the attack. In addition, we consider three types of adversarial targets: the Trojaned diffusion models will always output instances belonging to a certain class from the in-domain distribution (In-D2D attack), out-of-domain distribution (Out-D2D-attack), and one specific instance (D2I attack). We evaluate TrojDiff on CIFAR-10 and CelebA datasets against both DDPM and DDIM diffusion models. We show that TrojDiff always achieves high attack performance under different adversarial targets using different types of triggers, while the performance in benign environments is preserved. The code is available at https://github.com/chenweixin107/TrojDiff.

Proceedings ArticleDOI
10 Jul 2023
TL;DR: In this paper, the authors present an approach to detect and prevent foundry-side attacks, but all existing defenses are ineffective against additive Trojans with footprints of a few gates or less.
Abstract: Since the inception of the Integrated Circuit (IC), the size of the transistors used to construct them has continually shrunk. While this advancement significantly improves computing capability, fabrication costs have skyrocketed. As a result, most IC designers must now outsource fabrication. Outsourcing, however, presents a security threat: comprehensive post-fabrication inspection is infeasible given the size of modern ICs, so it is nearly impossible to know if the foundry has altered the original design during fabrication (i.e., inserted a hardware Trojan). Defending against a foundry-side adversary is challenging because—even with as few as two gates—hardware Trojans can completely undermine software security. Researchers have attempted to both detect and prevent foundry-side attacks, but all existing defenses are ineffective against additive Trojans with footprints of a few gates or less.


Posted ContentDOI
16 Mar 2023
TL;DR: SSL-Cleanse detects backdoor behavior in self-supervised learning (SSL) encoders and mitigates the backdoor behavior by training a downstream classifier on top of the pre-trained encoder.
Abstract: Self-supervised learning (SSL) is a commonly used approach to learning and encoding data representations. By using a pre-trained SSL image encoder and training a downstream classifier on top of it, impressive performance can be achieved on various tasks with very little labeled data. The increasing usage of SSL has led to an uptick in security research related to SSL encoders and the development of various Trojan attacks. The danger posed by Trojan attacks inserted in SSL encoders lies in their ability to operate covertly and spread widely among various users and devices. The presence of backdoor behavior in Trojaned encoders can inadvertently be inherited by downstream classifiers, making it even more difficult to detect and mitigate the threat. Although current Trojan detection methods in supervised learning can potentially safeguard SSL downstream classifiers, identifying and addressing triggers in the SSL encoder before its widespread dissemination is a challenging task. This is because downstream tasks are not always known, dataset labels are not available, and even the original training dataset is not accessible during the SSL encoder Trojan detection. This paper presents an innovative technique called SSL-Cleanse that is designed to detect and mitigate backdoor attacks in SSL encoders. We evaluated SSL-Cleanse on various datasets using 300 models, achieving an average detection success rate of 83.7% on ImageNet-100. After mitigating backdoors, on average, backdoored encoders achieve 0.24% attack success rate without great accuracy loss, proving the effectiveness of SSL-Cleanse.